A report of Bloomberg says the hackers breached the security of Verkada, a corporate video surveillance company, and were able to access live feeds from more than 150,000 cameras. The reporter was in contact with the hackers, who said they had access to hundreds of cameras at Tesla’s facilities, as well as other companies like Cloudflare.
In a statement, a spokesperson for Verkada said: “We have disabled all internal administrator accounts to prevent unauthorized access. Our internal security team and our external security firm are investigating the scale and scope of this problem, and we informed the police. “
Hackers said they lost access after Bloomberg contacted the company, but they initially entered through a “Super Admin” connection that was exposed on the internet, and then used the built-in camera features to gain root access and remote control. Motherboard previously reported of Verkada employees using surveillance cameras in their own offices to harass others and take pictures of the women they worked with, and now has obtained a hacker spreadsheet identifying 24,000 organizations that could use his cameras.
On its website, Verkada touts its ability to provide secure remote access to camera feeds “providing real-time visibility of events at sites.” He also advertises “video analysis“which can rely on facial recognition, vehicle identification and tracking using technology integrated directly into the cameras. One of the group behind the breach said Bloomberg that this incident “shows how widely we are monitored and how little care is taken at least to secure the platforms used to do so, without seeking only profit”.